Anyone Monitoring Windows Desktops?


#1

Greetings,

I’m wondering if it might be a good idea to build a separate Graylog instance, just for collecting logs from Windows Desktops with nxlog.

Is anyone already doing this, or can someone share any possible pros and cons associated with this?

Thanks very much, in advance.


(Jan Doberstein) #2

If you were going to go with the nxlog community edition, you might want to switch over to Winlogbeat from Elastic to collect the information into Graylog.

I have written this blog post that gives you some information on this topic:

https://www.graylog.org/post/back-to-basics-enhance-windows-security-with-sysmon-and-graylog
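To make the Winlogbeat suggestion concrete, here is an added example configuration; it is not part of the original reply or of the linked blog post. It assumes a Graylog server reachable as `graylog.example.internal` with a Beats input listening on TCP 5044, and that Sysmon is installed on the desktop as described in the linked post (if it is not, drop that channel). The channels and event IDs are a starting selection for workstation monitoring, not an exhaustive list.

```yaml
# Added example (not from the thread): a minimal winlogbeat.yml that ships
# selected Windows desktop channels to a Graylog "Beats" input.
# Assumptions: Graylog is reachable as graylog.example.internal and its Beats
# input listens on TCP 5044 (the default); Sysmon is installed on the desktop,
# otherwise remove the Sysmon channel below.

winlogbeat.event_logs:
  # Logon success/failure, explicit-credential use, process creation, service
  # installation and account/group changes: the Security events most useful
  # for detection on a workstation. 4688 only appears if "Audit Process
  # Creation" is enabled in the local or domain audit policy.
  - name: Security
    event_id: 4624, 4625, 4648, 4688, 4697, 4720, 4728, 4732, 4756
    ignore_older: 72h

  # Only problems from the System log, to keep volume down.
  - name: System
    level: critical, error, warning

  # Sysmon channel (process, network, image-load telemetry).
  - name: Microsoft-Windows-Sysmon/Operational
    ignore_older: 72h

  # PowerShell module and script-block logging.
  - name: Microsoft-Windows-PowerShell/Operational
    event_id: 4103, 4104

# Tag every event with the desktop's host details so the events can be
# routed into a dedicated stream on the Graylog side.
processors:
  - add_host_metadata: ~

# Graylog's Beats input speaks the Logstash (lumberjack) protocol, so
# Winlogbeat's logstash output is the one to use.
output.logstash:
  hosts: ["graylog.example.internal:5044"]
```

On the Graylog side the matching input is of type Beats (not Syslog or GELF), and the `ignore_older` values stop a freshly installed agent from back-filling days of old events when it first starts. Keep `event_id` filters on the noisy channels; shipping every Security event from a fleet of desktops is usually what makes a separate instance necessary in the first place.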


#3

Thank you very much.

I will look into this and let you know how it goes.


#4

You can use the WEF framework. See, for example, this: https://docs.microsoft.com/en-us/windows/desktop/wec/windows-event-collector and this: https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection